Re: Connect error - Mailing list pgsql-novice

From Russell Shaw
Subject Re: Connect error
Date
Msg-id 4003681C.6080203@iprimus.com.au
Whole thread Raw
In response to Re: Connect error  (Bruno Wolff III <bruno@wolff.to>)
Responses Re: Connect error
List pgsql-novice
Bruno Wolff III wrote:
> On Mon, Jan 12, 2004 at 07:42:41 -0800,
>   Bill Moseley <moseley@hank.org> wrote:
>
>>I don't know php, but is it (or Apache) running as user russell?  If
>>not, then you can't authorize by IDENT.
>
> It is possible to authenticate using ident using a map that says the
> webserver account is allowed to use the db account "russell". The web server
> must either be on the same machine uisng domain sockets for connecting
> (which looks to be the case here) or be running an ident server.
>
> If you do this you are implicitly trusting the web server account, which
> might not be a good idea in some circumstances. You might want to create
> a separate db account for the web server with miminal privileges needed
> for its task.

In pg_ident.conf, i put:

   # MAPNAME   IDENT-USERNAME  PG-USERNAME
   apache      www-data        russell
   apache      russell         russell

This works:
   psql -U russell parts_list

This doesn't:
   psql -U www-data parts_list

It says: psql: FATAL:  IDENT authentication failed for user "www-data"

I've tried adding -h localhost also.

How can i test the identd server for user www-data?
www-data is in /etc/passwd, and i can also su to it.


pgsql-novice by date:

Previous
From: Bill Moseley
Date:
Subject: Re: Connect error
Next
From: Oliver Elphick
Date:
Subject: Re: Case sensitivity